Using Artificial Anomalies to Detect Unknown and Known Network Intrusions

San Jose, California November 29-December 02

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ICDM.2001.989509

First IEEE International Conference o ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wei Fan Articles by Matthew Miller Articles by Salvatore J. Stolfo Articles by Wenke Lee Articles by Philip K. Chan

	ASCII Text	x
	Wei Fan, Matthew Miller, Salvatore J. Stolfo, Wenke Lee, Philip K. Chan, "Using Artificial Anomalies to Detect Unknown and Known Network Intrusions," Data Mining, IEEE International Conference on, pp. 123, First IEEE International Conference on Data Mining (ICDM'01), 2001.

	BibTex	x
	@article{ 10.1109/ICDM.2001.989509, author = {Wei Fan and Matthew Miller and Salvatore J. Stolfo and Wenke Lee and Philip K. Chan}, title = {Using Artificial Anomalies to Detect Unknown and Known Network Intrusions}, journal ={Data Mining, IEEE International Conference on}, volume = {0}, year = {2001}, isbn = {0-7695-1119-8}, pages = {123}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDM.2001.989509}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Data Mining, IEEE International Conference on TI - Using Artificial Anomalies to Detect Unknown and Known Network Intrusions SN - 0-7695-1119-8 SP EP A1 - Wei Fan, A1 - Matthew Miller, A1 - Salvatore J. Stolfo, A1 - Wenke Lee, A1 - Philip K. Chan, PY - 2001 VL - 0 JA - Data Mining, IEEE International Conference on ER -

Wei Fan

Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both known and unknown intrusions). We propose an algorithm to generate artificial anomalies to coerce the inductive learner into discovering an accurate boundary between known classes (normal connections and known intrusions) and anomalies. Empirical studies show that our pure anomaly detection model trained using nor al and artificial anomalies is capable of detecting ore than 77%of all unknown intrusion classes with more than 50%accuracy per intrusion class. The combined misuse and anomaly detection models are as accurate as a pure misuse detection model in detecting known intrusions and are capable of detecting at least 50%of unknown intrusion classes with accuracy measurements between 75% and 100%per class.

Citation:

Wei Fan, Matthew Miller, Salvatore J. Stolfo, Wenke Lee, Philip K. Chan, "Using Artificial Anomalies to Detect Unknown and Known Network Intrusions," icdm, pp.123, First IEEE International Conference on Data Mining (ICDM'01), 2001

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.